If you wish to restrict access to portions of your site based on the
host address of your visitors, this is most easily done using
mod_authz_host.

The Require
provides a variety of different ways to allow or deny access to
resources. In conjunction with the RequireAll, RequireAny, and RequireNone directives, these
requirements may be combined in arbitrarily complex ways, to enforce
whatever your access policy happens to be.

The Allow,
Deny, and
Order directives,
provided by mod_access_compat, are deprecated and
will go away in a future version. You should avoid using them, and
avoid outdated tutorials recommending their use.

The usage of these directives is:

Require host address
Require ip ip.address

In the first form, address is a fully qualified
domain name (or a partial domain name); you may provide multiple
addresses or domain names, if desired.

In the second form, ip.address is an IP address, a
partial IP address, a network/netmask pair, or a network/nnn CIDR
specification. Either IPv4 or IPv6 addresses may be used.

You can insert not to negate a particular requirement.
Note, that since a not is a negation of a value, it cannot
be used by itself to allow or deny a request, as not true
does not constitute false. Thus, to deny a visit using a negation,
the block must have one element that evaluates as true or false.
For example, if you have someone spamming your message
board, and you want to keep them out, you could do the
following:

Using the <If>,
you can allow or deny access based on arbitrary environment
variables or request header values. For example, to deny access
based on user-agent (the browser type) you might do the
following:

This will return a 403 Forbidden response for any request after 8pm
or before 7am. This technique can be used for any criteria that you wish
to check. You can also redirect, or otherwise rewrite these requests, if
that approach is preferred.

The <If> directive,
added in 2.4, replaces many things that mod_rewrite has
traditionally been used to do, and you should probably look there first
before resorting to mod_rewrite.

Notice:This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.